Purpose of the Role: 

• To lead the identification, assessment, and mitigation of end-to-end supply chain risks to ensure resilience and continuity.
• To align risk management strategies with the 10 Process Centric Teams (PCT’s) in Supply Chain and the 17 principle risk types, while owning risk registers, readiness checklists, and CSTs (Control Self-Assessments) for the department.

Key Responsibilities / Deliverables: 

Supply Chain Risk Governance & Frameworks

• Lead the group-wide supply chain risk framework, ensuring consistent application across 6 subsidiaries (EBCDC, EBKL, EBTZ, EBSS, EBRW, EBUG) and alignment with enterprise risk appetite.
• Establish subsidiary-specific governance committees to escalate risks (e.g., regional disruptions, local regulatory non-compliance).
•  Collaborate with Process-Centric Teams (PCTs); Administration, Procurement, Warehouse & Logistics, etc. to embed risk policies into their workflows.

Risk Identification, Assessment, and Reporting

Enterprise-Wide Risk Assessments

• Conduct group-level risk assessments across all 10 Process-Centric Teams (PCTs), aligning risks to the 17 principle risk types.
• Oversee Control Self-Assessments (CSTs) and Key Risk Indicators (KRIs) tailored to each PCT’s operations.

Risk Register Development & Maintenance

• Develop and maintain Subsidiary-specific risk registers (EBKL, EBRW, etc.) tracking exposures per PCT.
• Consolidated group-wide registers mapping risks across all 6 subsidiaries.
• Ensure registers are updated as per set cadence with mitigation progress.

Monitoring & Challenge

Actively monitor and challenge PCT leaders (Procurement, Logistics, HSE, etc.) on:

• Emerging risks.
• Cross-subsidiary dependencies.
• Validate mitigation plans are actionable, resourced, and time-bound.

Reporting & Escalation

Deliver monthly risk reports to the Head of Supply Chain Governance & Processes, including:

• Heat maps ranking risks by likelihood/impact.
• Subsidiary-specific control gaps.
• Regulatory exposure dashboards.

Incident Management & Scenario Analysis

• Oversee incident response for supply chain disruptions, ensuring root cause analysis.
• Lead scenario planning for subsidiary-specific risks.
• Develop PCT-specific readiness checklists and Control Self-Assessments (CSTs).

Risk in Projects & Change Management

• Provide risk oversight for supply chain initiatives (e.g., outsourcing, nearshoring, digital transformation).
• Embed risk considerations into workflows and strategic decisions (e.g., supplier onboarding, cost vs. risk trade-offs).
• Evaluate risk exposures of prospective procurements 
• Partner with Governance & Processes PCT to develop group-wide risk thresholds for project approvals.
• Track post-implementation risk metrics

Stakeholder Engagement & Culture

• Act as the primary liaison for supply chain risk with internal teams and external partners (suppliers, regulators) on behalf of the Head of Supply Chain Governance And Processes.
• Promote a risk-aware culture through training, workshops, and advisory support for business units.

Qualifications

Experience Must-Haves:

• 8+ years in supply chain risk management, with at least 5 years in a group/regional -level role overseeing multiple countries/subsidiaries/business units.

Proven experience in:

• Developing risk registers, CSTs, and readiness checklists for diverse Process-Centric Teams (PCTs).
• Managing multi-jurisdictional supply chains (e.g., navigating tariffs, sanctions, local compliance).
• Leading risk assessments for procurements (>$[X] threshold) and change initiatives (e.g., warehouse automation).
•  Track record of influencing C-suite stakeholders and subsidiary leadership (e.g. CEO, Procurement Head).

Nice-to-Haves:

•  Experience with specific subsidiaries’ markets; DRC, Kenya, Uganda, Rwanda, Tanzania, South Sudan
•  Background in non-supply-chain risk domains (e.g., operational risk, cybersecurity) to address cross-functional exposures.

Academic qualifications and certifications  

Must-Haves:

• 8+ years in supply chain risk management.
• Experience developing risk registers/checklists.

Nice-to-Haves:

• Certifications (CSCMP, CPSM, CRISC).
•  Geopolitical risk analysis experience.